[tor-bugs] #20471 [Applications/Tor Browser]: Allow javascript: links from HTTPS first party pages

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Mar 18 17:15:33 UTC 2017


#20471: Allow javascript: links from HTTPS first party pages
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  ma1
     Type:  defect                               |         Status:
                                                 |  reopened
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-usability-website, tbb-          |  Actual Points:
  security-slider, TorBrowserTeam201612,         |
  noscript                                       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by cypherpunks):

 * keywords:  tbb-usability-website, tbb-security-slider,
     TorBrowserTeam201612 =>
     tbb-usability-website, tbb-security-slider, TorBrowserTeam201612,
     noscript
 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 Replying to [comment:8 cypherpunks]:
 > Replying to [comment:7 ma1]:
 > Nice. Could you also make Web Audio API "click-to-play" as WebGL?
 Giorgio, where are you?

 Your fix has a regression: if you temporarily allow JS for e.g.
 about:newtab.
 STR:
 1. Search something with DDG.
 2. Temporarily allow all this page for about:newtab.
 3. JS is broken on DDG page, {{{<meta http-equiv="refresh"
 content="0;URL=...}}} is visible.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20471#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list